자바(Java)
자바 jsp 파일 다운로드
xemaker
2019. 12. 12. 09:52
<%@ page import="java.util.*, java.io.*, java.net.*"%>
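<script type="text/javascript">
// Reads the name typed into the #file_name box and navigates to the download
// endpoint with it as the file_name query parameter.
function callDown(){
    var file_name=document.getElementById("file_name").value;
    // Encode the value so characters such as &, #, + or spaces stay inside the
    // file_name parameter instead of being parsed as URL syntax. This is only a
    // correctness fix: the server must still validate the name, because the
    // endpoint can be requested directly without going through this form.
    var targetURL="/aa/adminLogDown?file_name="+encodeURIComponent(file_name);
    location.href=targetURL;
}
</script>
<input id="file_name" type="text" size="50">
<button onclick="callDown();">Download</button>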
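<%
// Admin log download: streams one file, named by the "file_name" request
// parameter, out of a single configured directory as an attachment.
//
// Security notes:
//  - The request parameter is untrusted. The earlier countermeasure here (written
//    with Windows paths such as C:/aa/aa in mind) deleted "../", "./", "%" and ";"
//    from the value. That does not confine the path: a single non-recursive pass
//    can leave a traversal sequence behind, and an absolute path is not touched at
//    all. The name is now resolved under a fixed base directory and the canonical
//    result must still lie inside that directory.
//  - The base directory is read from the "adminLogDir" context init-param (a name
//    chosen for this example; set it in web.xml). If it is missing the page fails
//    closed.
//  - Nothing in this scriptlet checks who is calling. The page must sit behind the
//    application's admin authentication and authorization.
String line="";
String file_name=request.getParameter("file_name");
String baseDirParam=application.getInitParameter("adminLogDir");
if(file_name==null||file_name.isEmpty()){
    // No file requested (first visit): only the form above is rendered.
    // Previously a missing parameter reached new File(null) and threw.
}else if(baseDirParam==null||baseDirParam.isEmpty()){
    application.log("adminLogDown: context init-param adminLogDir is not configured");
    response.setContentType("text/html");
    line="download is not available";
}else{
    // True once the response has been switched to the binary download; after that
    // point no HTML may be written to it.
    boolean streaming=false;
    try{
        File baseDir=new File(baseDirParam).getCanonicalFile();
        // getCanonicalFile() resolves "..", "." and symbolic links, so the prefix
        // test below is made on the path that would really be opened.
        File target=new File(baseDir,file_name).getCanonicalFile();
        boolean insideBase=target.getPath().startsWith(baseDir.getPath()+File.separator);
        if(!insideBase||!target.isFile()){
            // Same answer for "outside the base" and "missing", so the response
            // does not reveal which files exist elsewhere on the server.
            response.setContentType("text/html");
            line="file is not exist";
        }else{
            // Only the final path component goes into the header, quoted, with
            // quote, backslash and line-break characters neutralised.
            String safeName=target.getName().replaceAll("[\\r\\n\"\\\\]","_");
            // Discard the form markup buffered earlier on this page so it is not
            // mixed into the download. clear() throws IOException if the buffer
            // was already flushed; that is reported by the catch below.
            out.clear();
            response.setContentType("application/octet-stream");
            response.setHeader("Content-Disposition","attachment; filename=\""+safeName+"\"");
            response.setHeader("X-Content-Type-Options","nosniff");
            streaming=true;
            InputStream in=new BufferedInputStream(new FileInputStream(target));
            try{
                OutputStream sink=response.getOutputStream();
                byte[] buff=new byte[1024*20];
                int bytesRead;
                while((bytesRead=in.read(buff))!=-1){
                    sink.write(buff,0,bytesRead);
                }
                sink.flush();
            }finally{
                // Always release the file handle, also when the client aborts.
                in.close();
            }
            // Stop here: the rest of the page must not be appended to the file.
            return;
        }
    }catch(IOException e){
        // Details (which can include server paths) go to the server log only; the
        // exception message is no longer echoed into the page.
        application.log("adminLogDown: download failed",e);
        if(streaming){
            // Part of the file may already be on the wire; an HTML error cannot
            // be rendered into that response.
            return;
        }
        response.setContentType("text/html");
        line="download failed";
    }
}
%>
<%=line%>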
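<script type="text/javascript">
// Reads the name typed into the #file_name box and navigates to the download
// endpoint with it as the file_name query parameter.
function callDown(){
    var file_name=document.getElementById("file_name").value;
    // Encode the value so characters such as &, #, + or spaces stay inside the
    // file_name parameter instead of being parsed as URL syntax. This is only a
    // correctness fix: the server must still validate the name, because the
    // endpoint can be requested directly without going through this form.
    var targetURL="/aa/adminLogDown?file_name="+encodeURIComponent(file_name);
    location.href=targetURL;
}
</script>
<input id="file_name" type="text" size="50">
<button onclick="callDown();">Download</button>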
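<%
// Admin log download: streams one file, named by the "file_name" request
// parameter, out of a single configured directory as an attachment.
//
// Security notes:
//  - The request parameter is untrusted. The earlier countermeasure here (written
//    with Windows paths such as C:/aa/aa in mind) deleted "../", "./", "%" and ";"
//    from the value. That does not confine the path: a single non-recursive pass
//    can leave a traversal sequence behind, and an absolute path is not touched at
//    all. The name is now resolved under a fixed base directory and the canonical
//    result must still lie inside that directory.
//  - The base directory is read from the "adminLogDir" context init-param (a name
//    chosen for this example; set it in web.xml). If it is missing the page fails
//    closed.
//  - Nothing in this scriptlet checks who is calling. The page must sit behind the
//    application's admin authentication and authorization.
String line="";
String file_name=request.getParameter("file_name");
String baseDirParam=application.getInitParameter("adminLogDir");
if(file_name==null||file_name.isEmpty()){
    // No file requested (first visit): only the form above is rendered.
    // Previously a missing parameter reached new File(null) and threw.
}else if(baseDirParam==null||baseDirParam.isEmpty()){
    application.log("adminLogDown: context init-param adminLogDir is not configured");
    response.setContentType("text/html");
    line="download is not available";
}else{
    // True once the response has been switched to the binary download; after that
    // point no HTML may be written to it.
    boolean streaming=false;
    try{
        File baseDir=new File(baseDirParam).getCanonicalFile();
        // getCanonicalFile() resolves "..", "." and symbolic links, so the prefix
        // test below is made on the path that would really be opened.
        File target=new File(baseDir,file_name).getCanonicalFile();
        boolean insideBase=target.getPath().startsWith(baseDir.getPath()+File.separator);
        if(!insideBase||!target.isFile()){
            // Same answer for "outside the base" and "missing", so the response
            // does not reveal which files exist elsewhere on the server.
            response.setContentType("text/html");
            line="file is not exist";
        }else{
            // Only the final path component goes into the header, quoted, with
            // quote, backslash and line-break characters neutralised.
            String safeName=target.getName().replaceAll("[\\r\\n\"\\\\]","_");
            // Discard the form markup buffered earlier on this page so it is not
            // mixed into the download. clear() throws IOException if the buffer
            // was already flushed; that is reported by the catch below.
            out.clear();
            response.setContentType("application/octet-stream");
            response.setHeader("Content-Disposition","attachment; filename=\""+safeName+"\"");
            response.setHeader("X-Content-Type-Options","nosniff");
            streaming=true;
            InputStream in=new BufferedInputStream(new FileInputStream(target));
            try{
                OutputStream sink=response.getOutputStream();
                byte[] buff=new byte[1024*20];
                int bytesRead;
                while((bytesRead=in.read(buff))!=-1){
                    sink.write(buff,0,bytesRead);
                }
                sink.flush();
            }finally{
                // Always release the file handle, also when the client aborts.
                in.close();
            }
            // Stop here: the rest of the page must not be appended to the file.
            return;
        }
    }catch(IOException e){
        // Details (which can include server paths) go to the server log only; the
        // exception message is no longer echoed into the page.
        application.log("adminLogDown: download failed",e);
        if(streaming){
            // Part of the file may already be on the wire; an HTML error cannot
            // be rendered into that response.
            return;
        }
        response.setContentType("text/html");
        line="download failed";
    }
}
%>
<%=line%>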